monitoring blocked IPs on NSG

Jonesy Cat 21 Reputation points
2021-02-25T06:59:50.24+00:00

Hello,

we've set up NSG to block all traffic (except some white-listed IP ranges) to our Kubernetes services, but now we would like to monitor what IPs are being blocked. Is there any way to see what kind of traffic is incoming and getting blocked? Is it logged somewhere? Just to audit the blocked IPs, so we can see if some IP is blocked by our mistake and should be allowed instead.

Thanks for any help!

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,785 questions
Azure Network Watcher
Azure Network Watcher
An Azure service that is used to monitor, diagnose, and gain insights into network performance and health.
156 questions
Azure Kubernetes Service (AKS)
Azure Kubernetes Service (AKS)
An Azure service that provides serverless Kubernetes, an integrated continuous integration and continuous delivery experience, and enterprise-grade security and governance.
1,846 questions
0 comments
Accepted answer
  1. SUNOJ KUMAR YELURU 13,921 Reputation points MVP
    2021-02-25T08:42:02.633+00:00

    Hi @Jonesy Cat
    NSG Flow logs should show the IP address and port of the client on inbound traffic.
    Network security group (NSG) flow logs is a feature of Azure Network Watcher that allows you to log information about IP traffic flowing through an NSG. Flow data is sent to Azure Storage accounts from where you can access it as well as export it to any visualization tool, SIEM, or IDS of your choice.

    NSG Flow Log Common use Cases:
    Network Monitoring
    Usage monitoring and optimization
    Compliance
    Network forensics & Security analysis

    Enabling NSG Flow Logs

    If the Answer is helpful, please click **Accept Answer** and up-vote, this can be beneficial to other community members.

    1 person found this answer helpful.
    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest